[Samba] How do I join a Centos8 workstation to an NT4 domain?

Rowland penny rpenny at samba.org
Tue Feb 23 19:51:27 UTC 2021


On 23/02/2021 17:17, Nick via samba wrote:
>
>
> On 23/02/2021 16:29, Rowland penny via samba wrote:
>>
>> On 23/02/2021 14:19, Nick Howitt via samba wrote:
>>> Please don't ream me for using an NT4 domain, but that is the beast 
>>> I am stuck with.
>>
>>
>> You might think you are stuck with it, but unless you plan to upgrade 
>> to Samba AD, you might find you are stuck without it. NT4-style 
>> domains are going away, in fact they were deprecated at 4.13.0.
>>
>> It is your decision, but I felt that I should warn you.
>>
>>>
>>> I am trying to join a Centos 8 workstation to an NT4 domain and the 
>>> only notes I have are not really applicable - 
>>> https://documentation.clearos.com/content:en_us:kb_howtos_add_linux_workstation_to_the_samba_domain. 
>>> It references Ubuntu and its PAM configuration is irrelevant. In any 
>>> case I believe the join is falling down before PAM even comes into 
>>> play.
>>
>>
>> Ensure that all the Samba daemons are stopped, then try this 
>> '[global]' section of the smb.conf:
>>
>> [global]
>>          domain master = No
>>          security = DOMAIN
>>          client min protocol = NT1
>>          template shell = /bin/bash
>>          winbind use default domain = Yes
>>          workgroup = HOME
>>          idmap config * : range = 3000-7999
>>          idmap config * : backend = tdb
>>          idmap config HOME : range = 10000000-19999999
>>          idmap config HOME : backend = rid
>>
>> Try the join again and if it joins, then start winbind followed by 
>> smbd and nmbd.
>>
>> Rowland
>>
>>
>>
> I'm afraid it is the same problem:
>
> [root@proxmox106 ~]# net rpc join -U winadmin
> Enter winadmin's password:
> Failed to join domain: failed to find DC for domain HOME - The object 
> was not found.
>
> I don't know if it is of interest but changing "client min protocol = 
> NT1" to "client max protocol = NT1" gave:
>
> [root@proxmox106 ~]# net rpc join -U winadmin
> lp_load_ex: Max protocol NT1 is less than min protocol SMB2_02.
> lp_load_ex: Max protocol NT1 is less than min protocol SMB2_02.
> Enter winadmin's password:
> Failed to join domain: failed to find DC for domain HOME - The object 
> was not found.
>
> Has NT1/SMB1 been removed from this version of Samba and could that be 
> a problem? The server was running with "server min protocol = SMB2" 
> and I changed it to allow SMB1 when I changed the min protocol to max 
> protocol.
>

No, SMBv1 (Samba calls it NT1) hasn't been removed, it will still be in 
4.14.0 when it is shortly released, but who knows about 4.15.0?

It was turned off by default at 4.11.0 but is still available for use 
by setting 'client min protocol = NT1' for connections to a server that 
uses it and setting 'server min protocol = NT1' to make a server use it. 
A Samba machine can be both a client and a server. There should be no 
reason to set 'client max protocol' or 'server max protocol', they are 
both set to SMBv3 and will negotiate the best protocol to use.

You could try adding '-S PDC_NAME' or '-I PDC_IP' to your join command.

Rowland
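
Added example, not part of the original message or of Samba: a small smb.conf check that reproduces the "Max protocol NT1 is less than min protocol SMB2_02" condition quoted above and reports where SMB1 (NT1) has been re-enabled. The default values and the sample configurations are assumptions (defaults as for Samba 4.11 and later; samples constructed from the settings in this thread).

```python
import re

# Samba protocol names, oldest to newest (SMB2 and SMB3 are aliases).
ORDER = ["CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1",
         "SMB2_02", "SMB2_10", "SMB3_00", "SMB3_02", "SMB3_11"]
ALIASES = {"SMB2": "SMB2_10", "SMB3": "SMB3_11"}
# Assumed defaults for Samba 4.11 and later (SMB1 off, max is SMB3).
DEFAULTS = {"client min protocol": "SMB2_02", "client max protocol": "SMB3_11",
            "server min protocol": "SMB2_02", "server max protocol": "SMB3_11"}

def parse_global(text):
    """Return [global] parameters; names lower-cased, whitespace collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", " ", key.strip().lower())] = value.strip()
    return params

def rank(name):
    """Position of a protocol name in ORDER; raises ValueError if unknown."""
    name = name.upper()
    return ORDER.index(ALIASES.get(name, name))

def audit(text):
    """Return findings about the SMB protocol range on the client and server side."""
    params = {**DEFAULTS, **parse_global(text)}
    findings = []
    for side in ("client", "server"):
        lo, hi = params[f"{side} min protocol"], params[f"{side} max protocol"]
        if rank(hi) < rank(lo):
            findings.append(f"{side}: max protocol {hi} is less than min protocol {lo}")
        elif rank(lo) <= rank("NT1"):
            findings.append(f"{side}: SMB1 allowed (min protocol {lo})")
    return findings

# Constructed samples based on the two settings tried in the thread.
MIN_NT1 = "[global]\n\tsecurity = DOMAIN\n\tclient min protocol = NT1\n\tworkgroup = HOME\n"
MAX_NT1 = "[global]\n\tsecurity = DOMAIN\n\tclient max protocol = NT1\n\tworkgroup = HOME\n"

if __name__ == "__main__":
    for label, conf in (("min=NT1", MIN_NT1), ("max=NT1", MAX_NT1)):
        print(label, audit(conf))
```

Once the NT4 domain is retired, a clean result from this check confirms SMB1 is no longer permitted on either side.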
